
Comments


Microsoft's Age-Old Image Library 'Clip Art' Is No More

badger.foo No longer OOXML ISO compliant then? (110 comments)

If I remember correctly, the OOXML ISO standard that was rushed through some years back included specifications for a clipart library not entirely unlike the Microsoft Office one. I suppose this move means that Microsoft has given up on adhering to its wholly-owned ISO standard.

about three weeks ago

NASA Finds a Delaware-Sized Methane "Hot Spot" In the Southwest

badger.foo Relative sizes (213 comments)

For UK and European readers, "the size of Delaware" is just a tad more than a fourth of "the size of Wales".

about 2 months ago

DNA Reveals History of Vanished "Paleo-Eskimos"

badger.foo Wiped out by new diseases perhaps? (57 comments)

A non-violent mass die-off could suggest something along the lines of a population's first exposure to a new disease (as in one nobody in the population has any immunity for) of some sort, perhaps several. Slightly more modern examples include Native American populations that essentially disappeared during the early days of European exploration and settlement of North America.

about 4 months ago

30-Day Status Update On LibreSSL

badger.foo The Linux Foundation is not actually that evil (164 comments)

Unfortunately the summary gets several important facts wrong, including the status of support from the Linux Foundation -- last status is ongoing discussions, not total ignore as the post summary says. And you can see what Bob actually said in the video Jason Tubnor uploaded to YouTube, The real Bob Beck on OpenSSL talk.

about 7 months ago

OpenSSL Cleanup: Hundreds of Commits In a Week

badger.foo Re:This isn't fixing SSL (379 comments)

Take a look at the actual commits. Quite a bit of 'KNF', but far from all of it. There's a lot of bug removal that will benefit everyone.

about 8 months ago

OpenSSL Cleanup: Hundreds of Commits In a Week

badger.foo Re:Merged back or fork? (379 comments)

The work by the OpenBSD developers happens in the OpenBSD tree. Whether or not the OpenSSL project chooses to merge back the changes into their tree is yet to be seen. Given the activity level in the OpenSSL tree lately I find it more likely that the primary source of a maintained open source SSL library shifts to the OpenBSD project. To the extent that portability goo is needed it will likely be introduced after the developers consider the code base stable enough.

about 8 months ago

OpenSSL Cleanup: Hundreds of Commits In a Week

badger.foo Re:I would think (379 comments)

This is actually the OpenBSD developers diving in because the upstream (OpenSSL) was unresponsive. If you look at the actual commits, you will see removal of dead code such as VMS-specific hacks, but also weeding out a lot of fairly obvious bugs, unsafe practices such as trying to work around the mythical slow malloc, feeding your private key to the randomness engine, use after free, and so on.

It would look like it's been a while since anybody did much of anything besides half-hearted scratching in very limited parts of the code. This is a very much needed effort which is likely to end up much like OpenSSH, maintained mainly as part of OpenBSD, but available to any takers. We should expect to see a lot more activity before the code base is declared stable, but by now it's clear that the burden of main source maintainership moved to a more responsive and responsible team.

about 8 months ago

Apple's Spotty Record of Giving Back To the Tech Industry

badger.foo Also, OpenBSD's PF modded w/incompatible licenc (268 comments)

Apple's main interface to the opensource world is through the FreeBSD project, which is how they also drew in PF, the OpenBSD packet filter and most likely shipped more copies of that code than any other consumer. However, they made some changes that they contributed back to the world #ifdef'ed with their own incompatible license. I wrote about that a couple of years back for Call for Testing magazine, see http://callfortesting.org/macp...

about 8 months ago

New Fujitsu Laptop Reads Your Palm, For Security

badger.foo Just another password that's impossible to change (107 comments)

I completely fail to see why this is supposed to be a good idea.

Whether it's port knocking, fingerprint reading or palm reading as in this case, can anybody point out why this is a more 'secure' authentication method than anything else?

I tend to think that a fingerprint or similar may possibly serve as a substitute for a user name, but would you want to let people sign in using usernames only, no password, ssh key or a generated one time pad? Other than that it was probably fun to make, I don't see any advantage at all to using a known constant as a substitute for the familiar user name plus password and/or other changeable secret.

1 year,21 days

Ask Slashdot: Best Open Source Project For a Router/Wi-Fi Access Point?

badger.foo OpenBSD - compact base + up to date PF! (193 comments)

My money is on OpenBSD for projects like this. You get a very compact base system that still has all the stuff you need in there for a project like this. And even my old PF tutorial has enough info to get you up and running.

But with the man pages and the OpenBSD FAQ you really have all the information you need at your fingertips.

about a year ago

Amazon: Authors Can't Review Books

badger.foo Could be this applies to fiction authors only (248 comments)

There's a slight hope that they either did not include tech authors in the ban or just didn't get around to us techies just yet. When I checked just now my review of Michael W. Lucas' SSH Mastery was still available.

about 2 years ago

Huawei Offers 'Complete and Unrestricted' Source Code Access

badger.foo Why stop there? Why not go for public review? (255 comments)

Much like I assume a lot of other /. readers, my trust in the equipment I use to do what it's supposed to do comes from my access and ability to read the source code. There have been minor dust-ups in the open source world about allegations that other governments than China inserted back doors in widely used software, and we still see those allegations surfacing from time to time, but never with anything solid to back them up. I believe searches on the obvious keywords will turn up stories linked from here, as well as links to source code repositories of very high quality indeed. So my advice for Huawei is, let the world see your source code, and please set up a mechanism for reviewing your own code and patches.

more than 2 years ago

Ask Slashdot: Best Way To Monitor Traffic?

badger.foo Look at Netflow based tools such as nfsen (338 comments)

If you can set up your gateway to export Netflow data, you get excellent data for tracking your traffic (connection metadata) without all the bulk of keeping a full copy of the traffic.

There's a large number of tools available for collecting, analyzing and otherwise dissecting collected Netflow data, with a good number most likely available via your favorite free Unix-like operating system's packages collection. My favorite combo is to set up an OpenBSD box as the gateway, have it export traffic data via the pflow(4) facility and do the collection and analysis bits somewhere via nfdump/nfsen (see eg nfsen.sourceforge.net for info).

There are various resources available within direct reach of web search, but I would also recommend taking a look at Michael W. Lucas' book Network Flow Analysis for a nice treatment of Netflow in general (it uses flow-tools, but most of what he writes will be useful in the context of other tools too).

more than 2 years ago

Getting the Most Out of SSH

badger.foo Also, remember MW Lucas' new ssh book (284 comments)

I think it's worth mentioning to anybody who enjoyed this article that Michael W. Lucas has a fresh SSH book out called 'SSH Mastery'. Initially an ebook, but becoming available right about now in a paper version too.

Amazon will have it, or if you're shopping for OpenBSD stuff anyway (as you should, OpenSSH which is almost certainly the ssh and sshd on your system, is essentially an in-tree development at OpenBSD), www.openbsd.org/books.html and tentacles of the ordering system will show you where to get it.

more than 2 years ago

Europe's Largest IT Company To Ban Internal Email

badger.foo The problem isn't email, it's Microsoft Exchange (601 comments)

I think the main problem here is that at least a significant subset of the suits (and probably other non-techies) tend to think of Microsoft Exchange and its obnoxious client as the only way to handle email. Keep in mind that the main design smells of 'appointment book', not messaging. My longish rant on the topic can be found at http://bsdly.blogspot.com/2011/02/problem-isnt-email-its-microsoft.html , enjoy!

- Peter

about 3 years ago

PETA To Launch Pornography Website

badger.foo a .xxx domain, seriously? (348 comments)

I'm pretty sure that embracing the root zone poisoning .xxx domain wankers is not ever going to earn them enough cash to help a single animal in need. This is a total waste of time and money IMNSHO. The kind of story you'd expect to see in very-late March or very-early April, but that doesn't fit the calendar in that particular universe I inhabit.

more than 3 years ago

Mozilla MemShrink Set To Fix Firefox Memory

badger.foo Nice they finally noticed (375 comments)

Firefox developers could do a lot worse than reading the openbsd-misc thread that starts with http://marc.info/?l=openbsd-misc&m=130683944229077&w=2 and take some of it to heart.

In the meantime I'd love any pointers at all to where you can buy the systems they used for development and testing - apparently you can actually buy systems with infinite memory so you can do extensive testing and never notice Firefox has a memory management problem.

Number of Firefox crashes while typing this comment: four.

more than 3 years ago

Ask Slashdot: What To Do With Other People's Email?

badger.foo The 'no-reply' silliness is the real problem (619 comments)

I think you're touching on a very large part of the problem when you write

> The big problem I am having is with companies and websites. These emails are often no-reply, which means I can't send back a quick note.

I've always thought that sending messages with invalid return addresses or with a return address that's routed to the functional equivalent of /dev/null is intolerably rude. In fact, I think sending a message with the intention of discarding any reply is pretty close to the maximum amount of disrespect you can show your message's recipient.

I have one message to the executives of companies that send email with 'no-reply' return addresses, who deserve to be faced with a boycott: If you're not interested in reading our replies, we're not interested in sending you any money either.

I don't think Microsoft Exchange addiction (as I've blogged on in the past, see my .signature) should count as an excuse either. Sending mail with a deliverable return address is a matter of a minimum of common courtesy and civility.

more than 3 years ago

Linux Gets Dynamic Firewalls In Fedora 15

badger.foo OpenBSD's PF has been adaptive for years (176 comments)

The concept isn't very new or radical, but it will be interesting to see how their implementation behaves in real life.

Over in OpenBSD land, PF has supported tables of IP addresses that can be manipulated on the fly for years (see e.g. these table samples). One common use is (courtesy of another useful adaptive feature called state tracking options) to detect and block bruteforcers (see e.g. this set of tutorial examples). In addition, the OpenBSD versions of dhcpd and bgpd as well as other applications are routinely set up to interact with your filtering config via tables.

Another adaptive or dynamic feature is anchors, named sub-rulesets where applications such as a proxy (ftp-proxy for example) or relayd (the load balancer) can insert and delete rules as needed. You can manipulate rules inside anchors from the command line too, of course.

My BSDCan slides have more material, as of course does The Book of PF, and never forget The PF docs as the authoritative source.

more than 3 years ago
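The tables, state tracking options and anchors described in the comment above, combined into one pf.conf fragment as an added example (not the poster's own configuration and not taken from the linked tutorials); the interface name em0, the table names, the file path and the thresholds are assumptions:

```pf
# Added example, not from the post: a pf.conf fragment combining the three
# adaptive features the comment describes. Interface name, table names,
# file path and thresholds are assumptions; adjust them for your network.
ext_if = "em0"

# Tables: address lists that rules reference by name and that can be changed
# at runtime without reloading the ruleset, e.g.
#   pfctl -t bruteforce -T add 192.0.2.10     (documentation-range placeholder)
#   pfctl -t bruteforce -T delete 192.0.2.10
# "persist" keeps a table around even when no rule currently references it.
table <bruteforce> persist
table <trusted> persist file "/etc/pf/trusted"

# Anchor: a named sub-ruleset that ftp-proxy(8) fills and empties as FTP
# sessions come and go. Rules can also be loaded into an anchor by hand:
#   pfctl -a "ftp-proxy/manual" -f /etc/pf/manual.rules   (path is a placeholder)
anchor "ftp-proxy/*"

# Rule order matters with "quick": trusted hosts are passed before the
# bruteforce table is consulted, so a trusted host can never be locked out.
pass in quick on $ext_if from <trusted>
block in quick on $ext_if from <bruteforce>

# State tracking options: a source that holds more than 10 simultaneous
# connections, or opens more than 5 new ones within 3 seconds, is added to
# <bruteforce> ("overload") and all of its existing states are removed
# ("flush global"), so the block rule above takes effect immediately.
pass in on $ext_if proto tcp to port ssh \
    keep state (max-src-conn 10, max-src-conn-rate 5/3, \
    overload <bruteforce> flush global)
```

Addresses added by overload stay in the table until removed; a periodic `pfctl -t bruteforce -T expire 86400` (for example from cron) drops entries older than a day so a long-lived table does not fill with stale addresses.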

Submissions


The Password? You Changed It, Right?

badger.foo badger.foo writes  |  about two weeks ago

badger.foo (447981) writes "Right at this moment, there's a swarm of little password guessing robots trying for your router's admin accounts. Do yourself a favor and do some logs checking right away. Some European ISPs have been forced to do some ad-hoc reconfigs to end user equipment recently, so do check your equipment. And of course, this turned up in my lap while I was on my way back from a most enjoyable passwords conference — traces of what appears to be a distributed password guessing effort. Read on for data and the beginnings of analysis."

Password Gropers Hit Peak Stupid, Take the Spamtrap Bait

badger.foo badger.foo writes  |  about 4 months ago

badger.foo (447981) writes "Peter Hansteen reports that a new distributed and slow-moving password guessing effort is underway, much like the earlier reports, but this time with a twist: The users they are trying to access do not exist. Instead, they're taken from the bsdly.net spamtrap address list, where all listed email addresses are guaranteed to be invalid in their listed domains. There is a tiny chance that this is an elaborate prank or joke, but it's more likely that via excessive automation, the password gropers have finally hit Peak Stupid."

Have you changed your password lately? Does it even matter?

badger.foo badger.foo writes  |  about 7 months ago

badger.foo (447981) writes "Do frequent password changes actually matter security wise? Or do they just make us pick the minimum complexity password the system will accept? I want your opinion. In his latest piece, Peter Hansteen wants your opinion on common security enforcement practices and even offers a poll about enforced password changes. Let loose the debate rage!"

What is it that you want to learn about OpenBSD 5.5?

badger.foo badger.foo writes  |  about 8 months ago

badger.foo (447981) writes "In the upcoming OpenBSD 5.5 release there will be a number of improvements, including a whole new traffic shaping system, automatic installer improvements and the switch to 64-bit time_t.

But OpenBSD has been the source of lots of innovation and improvements in BSD and Unix in general over the years, and in preparation for his two BSDCan tutorials, Peter Hansteen asks, What do you want to learn about OpenBSD 5.5 (and possibly future directions)?"


Yes, You Too Can Be An Evil Network Overlord - On The Cheap With OpenBSD, pflow

badger.foo badger.foo writes  |  about 10 months ago

badger.foo (447981) writes "Have you ever wanted to know what's really going on in your network? Some free tools with surprising origins can help you to an almost frightening degree. Peter Hansteen shares some monitoring insights, anecdotes and practical advice in his latest column on how to really know your network. All of it with free software, of course."

Effective Spam and Malware Countermeasures Using Free Tools

badger.foo badger.foo writes  |  about a year ago

badger.foo (447981) writes "In the seemingly never-ending fight against spam and malware, are the free tools really better? In a recent article titled Effective Spam and Malware Countermeasures — Network Noise Reduction Using Free Tools, Peter Hansteen offers a strong argument that free tools, with emphasis on the ones supplied by OpenBSD, are indeed better performing and significantly more cost effective than commercial counterparts. The article also has a history of malware and spam with chuckleworthy anecdotes."

The UK "Porn" Filter Blocks Kids' Access To Tech, Civil Liberties Websites

badger.foo badger.foo writes  |  about a year ago

badger.foo (447981) writes "It fell to the UK Tories to actually implement the Nanny State. Too bad Nanny Tory does not want kids to read up on tech web sites such as slashdot.org, or civil liberties ones such as the EFF or Amnesty International. Read on for a small sample of what the filter blocks, from a blocked-by-default tech writer."

Modern Microsoft Word Does Not Reliably Read Earlier Formats: A 1989 Print Test

badger.foo badger.foo writes  |  about a year ago

badger.foo (447981) writes "Prompted by a fabulous rant by Charlie Stross named Why Microsoft Word must Die, Peter Hansteen dug out from his archives the simplest possible 1989-vintage Microsoft Word .DOC document, and has the data to prove that newer versions of Microsoft Word do in fact not reliably read files from earlier versions. Case in point: An ASCII table print test generated and saved as .DOC in 1989."

The Hail Mary Cloud And The Lessons Learned

badger.foo badger.foo writes  |  about a year ago

badger.foo (447981) writes "Against ridiculous odds and even after gaining some media focus, the botnet dubbed The Hail Mary Cloud apparently succeeded in staying under the radar and kept compromising Linux machines for several years. This article sums up the known facts about the botnet and suggests some practical measures to keep your servers safe."

The Term Hackathon Has Been Trademarked In Germany

badger.foo badger.foo writes  |  about a year and a half ago

badger.foo (447981) writes "Trademarking somebody else's idea behind their back is both a bad idea and highly immoral. If it wasn't your idea, you don't trademark and you don't patent. It really is that simple, people.

The news that the term hackathon had been trademarked in Germany reached me late last week, via this thread on openbsd-misc. The ideas sounded pretty ludicrous ... (see the rest at http://bsdly.blogspot.ca/2013/05/the-term-hackathon-has-been-trademarked.html)"


Keep smiling, waste spammers' time with OpenBSD tools

badger.foo badger.foo writes  |  about a year and a half ago

badger.foo (447981) writes "When you're in the business of building the networks people need and the services they need to run on them, you may also be running a mail service. If you do, you will sooner or later need to deal with spam. This article is about how to waste spammers' time and have a good time while doing it, using the free tools OpenBSD offers to do your greylisting and greytrapping before any content filtering. It's fun and easy."

Maintaining A Publicly Available Blacklist - Mechanisms And Principles

badger.foo badger.foo writes  |  about a year and a half ago

badger.foo (447981) writes "When you publicly assert that somebody sent spam, you need to ensure that your data is accurate. Your process needs to be simple and verifiable, and to compensate for any errors, you want your process to be transparent to the public with clear points of contact and line of responsibility. Here are some pointers from the operator of the bsdly.net greytrap-based blacklist."

SSH Password Gropers Are Now Trying High Ports

badger.foo badger.foo writes  |  about 2 years ago

badger.foo writes "You thought you had successfully avoided the tiresome password guessing bots groping at your SSH service by moving the service to a non-standard port? It seems security by obscurity has lost the game once more. We're now seeing ssh bruteforce attempts hitting other ports too, Peter Hansteen writes in his latest column."

You're Being DDOSed - What Do You Do? Name And Shame?

badger.foo badger.foo writes  |  about 2 years ago

badger.foo writes "When you're hit with a DDOS, what do you do? In his most recent column, Peter Hansteen narrates a recent incident that involved a DNS based DDOS against his infrastructure and that of some old friends of his. He ends up asking, should we actively publish or 'name and shame' DDOS participants (or at least their IP addresses)? How about scans that may or may not be preparations for DDOSes to come?"

Petition For Pardon Of PirateBay's Peter Sunde

badger.foo badger.foo writes  |  more than 2 years ago

badger.foo writes "Remember the PirateBay affair, that included a criminal copyright infringement trial that railroaded four Swedish techs into jail terms and multiple million fines and damages? Now there's an avaaz.org petition for the pardon of Peter Sunde, one of the defendants. Read up on the background in English or the original Swedish, then if you agree that the process did not deliver justice, please go to the petition page and add your signature."

Why Not Use Port Knocking?

badger.foo badger.foo writes  |  more than 2 years ago

badger.foo writes "Whenever you write about security in general and SSH security in particular (and for good measure also get slashdotted for your efforts), the comments inevitably turn up a variety of useful and less useful suggestions. One such suggestion invariably involves the odd practice called Port Knocking, which I've been circling for a while as a possible article subject. If you've considered including this in your arsenal of security features, I'll treat you to a few why nots in the following. Read on if you're interested in actual security in practice."

The Optimum Attack Rate for SSH Bruteforce? 1 Per 10 Seconds

badger.foo badger.foo writes  |  more than 2 years ago

badger.foo writes "Remember the glacially slow Hail Mary Cloud SSH bruteforcers? They're doing speedup tweaks and are preparing a comeback, some preliminary data reported by Peter Hansteen appear to indicate. The optimum rate of connections seems to be 1 per ten seconds, smack in the middle of the 'probably human' interval."

OpenBSD IPv6 Fragment Handling Sanity (+RFC compliance) Well Ahead of the Pack

badger.foo badger.foo writes  |  more than 2 years ago

badger.foo writes "In a blog post titled IPv6 NIDS evasion and improvements in IPv6 fragmentation/reassembly, security consultants SI6 Networks report on some experiments they conducted recently in order to test IPv6 fragment handling in various general-purpose operating systems.

While the authors did not say so in so many words, the conclusion is that OpenBSD is ahead of the pack in both RFC compliance as well as sane and secure handling of IPv6 fragments.

Read the full article over at the SI6 site: IPv6 NIDS evasion and improvements in IPv6 fragmentation/reassembly"


Are Sensible Password Policies Starving The Hail M

badger.foo badger.foo writes  |  more than 3 years ago

badger.foo writes "Remember the Hail Mary Cloud of distributed ssh password guessing bots? They're back (or may have been active all along), but the latest news is that they seem to be numbering hundreds, not thousands like they did some years ago. Peter Hansteen speculates that maybe we are seeing the effect of sensible password policies or a move to key only ssh logins. And they're still not even attempting to attack OpenBSD systems."

Journals

badger.foo has no journal entries.
